Introduction to the Protected Mode API

Protected Mode helps reduce the severity of threats to Windows Internet Explorer 7 and its extensions by eliminating the silent installation of malicious code through software vulnerabilities. Protected Mode accomplishes this goal using the integrity mechanisms of Windows Vista which restrict access to processes, files, and registry keys with higher integrity levels. The Protected Mode API enables software vendors to develop extensions and add-ons for Windows Internet Explorer that can interact with the file system and registry from a low integrity process, such as Protected Mode Internet Explorer.

Finding Low Integrity Write Locations

Extensions written for Internet Explorer 7 should write files and settings to a low integrity location, such as the Temporary Internet Files folder, by default. Low integrity locations enable write access for processes with a low privilege level. Writing to a low integrity location helps protect the system against potentially malicious data from the Internet.

Saving Files in Protected Mode

When Microsoft ActiveX controls and other extensions are running in Protected Mode, they cannot directly download files outside the Temporary Internet Files, History, Cookies, and Temp folders. File operations that attempt to write to other locations are intercepted and redirected to a "virtualized" location in a low integrity area. To save a file outside the virtualized location, extensions can use the following two Protected Mode API functions.

IEShowSaveFileDialog—Call this function with a target location of the file that you want the user to save to. The user is prompted with the Save As dialog box, and the function returns the destination file path that the user specified.

IESaveFile—Call this function with the handle returned from the previous operation and the temporary file path to the download location. The Protected Mode User Broker process copies the file from the temporary location to the target location. To free the associated memory without saving the file, call IECancelSaveFile.

The following example shows how to use the Protect Mode API to perform an elevated privilege file save operation. In this example, the data is written to a temporary location prior to the save operation, which copies the file in a user-mode operation to a higher privileged area. If the file has already been downloaded to the Internet cache, this step is not necessary.